History of Health Information Technology in the U.S.

1. History of Health Information Technology in the U.S. History of Privacy and Security Legislation Lecture a – Background of HIPAA This material (Comp 5 Unit 10) was developed by the University of Alabama at Birmingham, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0007. This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. To view a copy of this license, visit http://creativecommons.org.

2. History of Privacy andSecurity LegislationLearning Objectives • Explain the differences among the terms privacy, confidentiality and security • Discuss the reasons why the administrative simplification provisions were attached to the original HIPAA legislation. • Explain the five principles underlying the HIPAA privacy and security rules • Discuss the reasons why the privacy rule was an action of the executive, not the legislative, branch of the federal government

3. Definitions • Privacy • Confidentiality • Security

4. Definitions 2 • Privacy • The right to be left alone • The right to keep personal information secret • The right to control personal information

5. Definitions 3 • Confidentiality • Sharing or disseminating data only to those with a “need to know”

6. Definitions 4 • Security • Mechanisms to assure the safety of data and systems in which the data reside

7. Health Insurance Portability and Accountability Act • Kennedy-Kassebaum bill (1996) • Public Law 104-191 • Administrative Simplification and Privacy Provisions

8. HIPAA • Improve efficiency of healthcare • Standards for electronic transmission of healthcare information

9. HIPAA 2 • Privacy of information must be assured • Deadline (8/1999) for Congress to pass privacy/confidentiality legislation • Defaults to Secretary of HHS to propose rule • Secretary of HHS must report to Congress in 1997 on approach

10. Privacy and Confidentiality Pre-HIPAA • No national law for privacy/confidentiality of health information prior to HIPAA • Privacy Act of 1974 • Protected information held by the federal government • Joint Commission (accrediting agency for healthcare organizations) • Information management standards include protection of confidential information • “Patchwork” of state laws

11. State Laws • No comprehensive set of laws for access or disclosure • Condition-specific rules varied by state Photo by Omaopio

12. Principles Underlying HIPAA Privacy and Security Rules • Boundaries • Security • Consumer Control • Accountability • Public Responsibility Source: (Shalala, 1997)

13. Principles Underlying HIPAA Privacy and Security Rules 2 • Boundaries Photo by airunp

14. Principles Underlying HIPAA Privacy and Security Rules 3 • Security

15. Principles Underlying HIPAA Privacy and Security Rules 4 • Consumer Control Photo by Win Henderson/FEMA

16. Principles Underlying HIPAA Privacy and Security Rules 5 • Accountability Photo by Daderot

17. Principles Underlying HIPAA Privacy and Security Rules 6 • Public Responsibility

18. HIPAA 1998 – Present • Controversies in privacy debate • Floor or ceiling/floor Source: (Tech Law Journal, 1999) Photo by Jesse Loughborough

19. HIPAA 1998 – Present 2 • Controversies in privacy debate • Patient consent restrictions

20. HIPAA 1998 – Present 3 • Congress failed to pass privacy legislation

21. HIPAA 1998 – 2009 • DHHS Privacy Rule Proposed— Fall, 1999 • Over 50,000 comments received Source: (Tech Law Journal, 1999)

22. Privacy and Security Rules • Final Privacy Rule Published – December, 2000 • Modified several times • Went into effect in April, 2003 • Security Rule – 2005 • Other changes over the years • Major changes in 2009 as a result of HITECH

23. History of Privacyand Security Legislation Summary – Lecture a • Differences among the terms privacy, confidentiality and security • Background of the administrative simplification provisions in the original HIPAA legislation • Five principles underlying the HIPAA Privacy and Security Rules • Passage of HIPAA Privacy and Security Rules

24. History of Privacy and Security LegislationReferences – Lecture a References HHS announces proposed electronic medical records privacy regulations. Tech Law Journal [Internet]. 1999 Oct 30. Available from: www.techlawjournal.com Testimony on Health Insurance Portability and Accountability Act by the Honorable Donna E. Shalala Secretary, U.S. Department of Health and Human Services, before the Senate Committee on Labor & Human Resources. 1997 Sep 11. Available from: www.hhs.gov Images Slide 11: Omaopio. Available from: commons.wikimedia.org. Slide 13: Airunp. Available from: commons.wikimedia.org. Slide 14: Available from: commons.wikimedia.org. Slide 15: Win Henderson/FEMA. Available from: commons.wikimedia.org. Slide 16: Dadero Available from: commons.wikimedia.org. Slide 17: Available from: commons.wikimedia.org. Slide 18: Jess Loughborough CC BY-NC-ND 2.0. Available from: www.flickr.com.

25. History of Health IT in the U.S.History of Privacy and Security Legislation, Lecture a This material was developed by the University of Alabama at Birmingham, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0007.